const { error } = require('../utils/service');

module.exports = (_, app) =>
  async function acl(ctx, next) {
    const { id } = ctx.request.body;
    const result = await app.mysql.query(
      'select * from userProject where projectId=? and account=?',
      [id, ctx.session.account]
    );
    if (result.length === 0) {
      throw error('您没有该项目的权限，请联系项目成员添加权限', 403);
    }

    await next();
  };
